As obser­ved above, the SCA per­mits the government to requi­re ser­vice pro­vi­ders to pro­du­ce the contents of cer­tain prio­ri­ty stored com­mu­ni­ca­ti­ons “only pur­suant to awar­rant issued using the pro­ce­du­res descri­bed in the Federal Rules of Cri­mi­nalPro­ce­du­re (or, in the case of a Sta­te court, issued using Sta­te war­rant pro­ce­du­res) by a court of com­pe­tent juris­dic­tion.” 18 U.S.C. § 2703(a), (b)(1)(a). The pro­vi­si­ons in § 2703 that per­mit a ser­vice provider’s dis­clo­sure in respon­se to a duly obtai­ned war­rant donot men­ti­on any extra­ter­ri­to­ri­al app­li­ca­ti­on, and the government points to no pro­vi­si­on that even imp­li­cit­ly alludes to any such app­li­ca­ti­on. No rele­vant defi­ni­ti­on pro­vi­ded by eit­her Tit­le I or Tit­le II of ECPA, see 18 U.S.C. §§ 2510, 2711, sug­gests that Con­gress envi­sio­ned any extra­ter­ri­to­ri­al use for the sta­tu­te.

When Con­gress intends a law to apply extra­ter­ri­to­ri­al­ly, it gives an “affir­ma­ti­ve indi­ca­ti­on” of that intent. […]

The government asserts that “[n]othing in the SCA’s text, struc­tu­re, pur­po­se, or legis­la­ti­ve histo­ry indi­ca­tes that com­pel­led pro­duc­tion of records is limi­ted to tho­se stored dome­sti­cal­ly.” Gov’t Br. at 26 (for­mat­ting alte­red and empha­sis added). It empha­si­zes the requi­re­ment pla­ced on a ser­vice pro­vi­der to dis­c­lo­se custo­mers’ data, and the absence of any ter­ri­to­ri­al refe­rence restric­ting that obli­ga­ti­on. We find this argu­ment unper­sua­si­ve: It stands the pre­sump­ti­on against extra­ter­ri­to­ria­li­ty on its head.

If the dome­stic con­tacts pre­sen­ted by the case fall wit­hin the “focus” of the sta­tu­to­ry pro­vi­si­on or are “the objects of the statute’s soli­ci­tu­de,” then the app­li­ca­ti­on of the pro­vi­si­on is not unla­w­ful­ly extra­ter­ri­to­ri­al. Mor­r­i­son, 561 U.S. at 267. If the dome­stic con­tacts are merely secon­da­ry, howe­ver, to the sta­tu­to­ry “focus,” then the provision’s app­li­ca­ti­on to the case is extra­ter­ri­to­ri­al and pre­clu­ded.

The over­all effect is the embo­di­ment of an expec­ta­ti­on of pri­va­cy in tho­se com­mu­ni­ca­ti­ons, not­wi­th­stan­ding the role of ser­vice pro­vi­ders in their trans­mis­si­on and sto­ra­ge, and the impo­si­ti­on of pro­ce­du­ral restric­tions on the government’s (and other third par­ty) access to prio­ri­ty stored com­mu­ni­ca­ti­ons. The cir­cum­stan­ces in which the com­mu­ni­ca­ti­ons have been stored ser­ve as a pro­xy for the inten­si­ty of the user’s pri­va­cy inte­rests, dic­ta­ting the strin­gen­cy of the pro­ce­du­ral pro­tec­tion they recei­ve — in par­ti­cu­lar whe­ther the Act’s war­rant pro­vi­si­ons, sub­poe­na pro­vi­si­ons, or its § 2703(d) court order pro­vi­si­ons govern a dis­clo­sure desi­red by the government. Accord­in­gly, we think it fair to con­clu­de based on the plain mea­ning of the text that the pri­va­cy of the stored com­mu­ni­ca­ti­ons is the “object[] of the statute’s soli­ci­tu­de,” and the focus of its pro­vi­si­ons.

The infor­ma­ti­on sought in this case is the con­tent of the elec­tro­nic com­mu­ni­ca­ti­ons of a Micro­soft custo­mer. The con­tent to be sei­zed is stored in Dub­lin. The record is silent regar­ding the citi­zenship and loca­ti­on of the custo­mer. Alt­hough the Act’s focus on the customer’s pri­va­cy might sug­gest that the customer’s actu­al loca­ti­on or citi­zenship would be important to the extra­ter­ri­to­ria­li­ty ana­ly­sis, it is our view that the inva­si­on of the customer’s pri­va­cy takes place under the SCA whe­re the customer’s pro­tec­ted con­tent is acces­sed — here, whe­re it is sei­zed by Micro­soft, acting as an agent of the government. Becau­se the con­tent sub­ject to the War­rant is loca­ted in, and would be sei­zed from, the Dub­lin dat­a­cen­ter, the con­duct that falls wit­hin the focus of the SCA would occur out­side the United Sta­tes, regard­less of the customer’s loca­ti­on and regard­less of Microsoft’s home in the United Sta­tes.

Ergebnis

We con­clu­de that Con­gress did not intend the SCA’s war­rant pro­vi­si­ons to apply extra­ter­ri­to­ri­al­ly. The focus of tho­se pro­vi­si­ons is pro­tec­tion of a user’s pri­va­cy inte­rests. Accord­in­gly, the SCA does not aut­ho­ri­ze a U.S. court to issue and enforce an SCA war­rant against a United States‐based ser­vice pro­vi­der for the contents of a customer’s elec­tro­nic com­mu­ni­ca­ti­ons stored on ser­vers loca­ted out­side the United Sta­tes. The SCA war­rant in this case may not law­ful­ly be used to com­pel Micro­soft to pro­du­ce to the government the contents of a customer’s e‐mail account stored exclu­si­ve­ly in Ire­land. Becau­se Micro­soft has other­wi­se com­plied with the War­rant, it has no remai­ning law­ful obli­ga­ti­on to pro­du­ce mate­ri­als to the government.